Browse Source

Deployed fcc5c4375 to main with MkDocs 1.6.1 and mike 2.2.0

evrardj-roche 4 days ago
parent
commit
8d308fd0d8

+ 17 - 0
main/api/spec/index.html

@@ -5358,6 +5358,23 @@ AkeylessKubernetesAuth
 token stored in the named Secret resource.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>serviceAccountRef</code></br>
+<em>
+<a href="https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#ServiceAccountSelector">
+External Secrets meta/v1.ServiceAccountSelector
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>ServiceAccountRef specifies a Kubernetes ServiceAccount used for azure_ad
+authentication on AKS Workload Identity. The operator obtains a federated
+identity token from this ServiceAccount via the TokenRequest API instead
+of using the ESO controller pod identity. Ignored for other access types.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="external-secrets.io/v1.AkeylessAuthSecretRef">AkeylessAuthSecretRef

+ 25 - 0
main/provider/akeyless/index.html

@@ -5479,6 +5479,31 @@ to set your SecretStore with an authentication method from Akeyless.</p>
 </tr>
 </tbody>
 </table>
+<p>For <code>azure_ad</code> on AKS Workload Identity, set <code>authSecretRef.serviceAccountRef</code> to a ServiceAccount annotated with <code>azure.workload.identity/client-id</code> and <code>azure.workload.identity/tenant-id</code>. This field is only used when <code>accessType</code> is <code>azure_ad</code>; other access types ignore it.</p>
+<div class="highlight"><pre><span></span><code><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">external-secrets.io/v1</span>
+<span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">SecretStore</span>
+<span class="nt">metadata</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">akeyless-azure-ad-wi</span>
+<span class="w">  </span><span class="nt">namespace</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">app-test</span>
+<span class="nt">spec</span><span class="p">:</span>
+<span class="w">  </span><span class="nt">provider</span><span class="p">:</span>
+<span class="w">    </span><span class="nt">akeyless</span><span class="p">:</span>
+<span class="w">      </span><span class="nt">akeylessGWApiURL</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;https://api.akeyless.io&quot;</span>
+<span class="w">      </span><span class="nt">authSecretRef</span><span class="p">:</span>
+<span class="w">        </span><span class="nt">secretRef</span><span class="p">:</span>
+<span class="w">          </span><span class="nt">accessID</span><span class="p">:</span>
+<span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">akeyless-secret-creds</span>
+<span class="w">            </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">accessId</span>
+<span class="w">          </span><span class="nt">accessType</span><span class="p">:</span>
+<span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">akeyless-secret-creds</span>
+<span class="w">            </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">accessType</span>
+<span class="w">          </span><span class="nt">accessTypeParam</span><span class="p">:</span>
+<span class="w">            </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">akeyless-secret-creds</span>
+<span class="w">            </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">accessTypeParam</span>
+<span class="w">        </span><span class="nt">serviceAccountRef</span><span class="p">:</span>
+<span class="w">          </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">akeyless-wi-sa</span>
+</code></pre></div>
+<p>For <code>ClusterSecretStore</code>, set <code>serviceAccountRef.namespace</code> when the ServiceAccount is not in the same namespace as the consuming <code>ExternalSecret</code>; otherwise the ServiceAccount is resolved from that namespace. Sovereign Azure clouds (US Government, China) are supported when <code>AZURE_ENVIRONMENT</code> or <code>AZURE_CLOUD</code> is set accordingly, matching the non-WI <code>GetCloudId</code> path.</p>
 <p>For more information see <a href="https://docs.akeyless.io/docs/access-and-authentication-methods">Akeyless Authentication Methods</a></p>
 <h4 id="creating-an-akeyless-credentials-secret">Creating an Akeyless Credentials Secret</h4>
 <p>Create a secret containing your credentials using the following example as a guide:</p>

File diff suppressed because it is too large
+ 0 - 0
main/search/search_index.json


BIN
main/sitemap.xml.gz


+ 22 - 0
main/snippets/akeyless-secret-store-azure-ad-wi.yaml

@@ -0,0 +1,22 @@
+apiVersion: external-secrets.io/v1
+kind: SecretStore
+metadata:
+  name: akeyless-azure-ad-wi
+  namespace: app-test
+spec:
+  provider:
+    akeyless:
+      akeylessGWApiURL: "https://api.akeyless.io"
+      authSecretRef:
+        secretRef:
+          accessID:
+            name: akeyless-secret-creds
+            key: accessId
+          accessType:
+            name: akeyless-secret-creds
+            key: accessType
+          accessTypeParam:
+            name: akeyless-secret-creds
+            key: accessTypeParam
+        serviceAccountRef:
+          name: akeyless-wi-sa

Some files were not shown because too many files changed in this diff